Media releases are provided as is by companies and have not been edited or checked for accuracy. Any queries should be directed to the company itself.

iDefense Tracks Dramatic Growth in Password-Stealing Keyloggers

  • 16 November, 2005 09:43

<p>iDefense, the cyber security intelligence provider and a VeriSign company (Nasdaq: VRSN), today released data indicating that hackers are on pace to unleash a record setting 6,191 keyloggers in 2005, a 65 per cent increase from 3,753 keyloggers in 2004 and significantly more than the 300 in 2000.</p>
<p>Keyloggers are silently installed programs that record a victim’s keystrokes and sends them to hackers, putting tens of millions of Internet users’ finances, personal data and account information at risk. Largely distributed by organised cyber theft groups, they are typically packaged with phishing emails or spyware – malicious code that than tracks victims’ online activity – often eluding traditional security defenses like anti-virus software and firewalls.</p>
<p>“Keylogging is very effective method for hackers,” said Joe Payne, vice president, VeriSign® iDefense Security Intelligence Services. “Fraudsters can launch hundreds of keylogging attacks around the world in seconds, gathering sensitive data to conduct large scale monetary transfers for their illegal activities.”</p>
<p>Once a keylogging program is activated, it provides hackers with personal data such as address, account numbers, mother’s maiden names or passwords – any strings of text a person might enter online. Using this information to assume another’s identity, hackers run up charges averaging US$3,968 per victim, according to a Nationwide Mutual Insurance Co. survey. Sixteen per cent of victims were required to pay for at least some of this fraud, and spent an average of 81 hours to resolve their cases, reported the survey.</p>
<p>Anatomy of a Keylogger</p>
<p>Hackers rely on a variety of techniques, including Internet Relay Chat and backdoor access to systems, to gather and filter logged keystrokes. Some groups create and sell keylogging programs to identity thieves, while others sell the stolen data. Still, others obtain the data and execute the fraudulent transactions.</p>
<p>“There are so many victims because so few know the risk or the early warning signs; you simply can’t stop what you can’t see,” added Payne. “In addition to basic protection like up-to-date anti-virus programs and well configured firewalls, the best defense for keylogging is to carefully track the organisations and hackers who promulgate these programs.”</p>
<p>iDefense maintains a malicious-code report database containing more than 115,000 unique threats to date, classified according to their functionality and type. All threats that log keystrokes were tallied for the time periods noted. Typically they were found in Trojans and adware or spyware codes.</p>
<p>The VeriSign iDefense Security Intelligence Services team protects the world’s largest networks in government, financial and retail markets. Its daily intelligence reports on emerging and established cyber threats – including actionable mitigation steps – are considered essential reading by industry security personnel, and drive customers’ proactive network defense strategies.</p>
<p>iDefense analysts perform open-source research on Internet criminal activity in 13 languages and track Internet cybercrime in more than 30 countries. iDefense publishes weekly on hacker groups, cyber crime, software vulnerabilities, phishing schemes and malicious code (viruses, worms, Trojans, spyware and keyloggers).</p>
<p>About iDEFENSE and VeriSign</p>
<p>iDefense, a VeriSign company, provides information security intelligence to the U.S. government and Global 2000 companies, including leaders in financial services, energy, transportation and telecommunications. The company provides customised, actionable, timely and relevant intelligence detailing potential threats, vulnerabilities and security issues directly to C-level executives, general counsels, auditors, senior security managers and staff, and system administrators. Further information is available at or (703) 480-4602. VeriSign, Inc. (Nasdaq: VRSN), operates intelligent infrastructure services that enable and protect billions of interactions every day across the world’s voice and data networks. Additional news and information about the company is available at</p>
<p>Statements in this announcement other than historical data and information constitute forward-looking statements within the meaning of Section 27A of the Securities Act of 1933 and Section 21E of the Securities Exchange Act of 1934. These statements involve risks and uncertainties that could cause VeriSign's actual results to differ materially from those stated or implied by such forward-looking statements. The potential risks and uncertainties include, among others, the uncertainty of future revenue and profitability and potential fluctuations in quarterly operating results due to such factors as the inability of VeriSign to successfully market its services, including VeriSign iDefense Research; customer acceptance of the services as provided by VeriSign; increased competition and pricing pressures; and the inability of VeriSign to successfully develop and market new products and services and customer acceptance of any new products or services. More information about potential factors that could affect the company's business and financial results is included in VeriSign's filings with the Securities and Exchange Commission, including in the company's Annual Report on Form 10-K for the year ended December 31, 2004 and quarterly reports on Form 10-Q. VeriSign undertakes no obligation to update any of the forward-looking statement after the date of this press release.</p>

Most Popular